From f7252519beabb35fb2412992a971f20e0d4048a9 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 14 Aug 2020 11:28:17 +0200
Subject: Update crt utils
---
.local/bin/crt-fetch | 50 ++++++++++++++++++++++++++++++++++++++
.local/bin/crt-fp | 68 ++++++++++++++++++++++++++++++----------------------
2 files changed, 90 insertions(+), 28 deletions(-)
create mode 100755 .local/bin/crt-fetch
(limited to '.local')
diff --git a/.local/bin/crt-fetch b/.local/bin/crt-fetch
new file mode 100755
index 0000000..670669f
--- /dev/null
+++ b/.local/bin/crt-fetch
@@ -0,0 +1,50 @@ +#!/bin/sh + +# This program is free software: you can redistribute it and/or modify it under +# the terms of the GNU Affero General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) any +# later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more +# details. + +main() +{ + # Handle opts + while getopts ":h" opt + do + case "$opt" in + h) usage && exit 0 ;; + *) + printf "Invalid option passed: %s\n" "$OPTARG" >&2 + ;; + esac + done + + shift $(( OPTIND - 1 )) + + # Show help + [ -z "$1" ] && usage && exit 1 + + # Perform the request to fetch the certificate, and print it on STDOUT + printf "%s" "" \ + | openssl s_client -connect "$1:${2:-443}" 2> /dev/null \ + | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' +} + +usage() +{ + cat <&2 + ;; + esac + done + + shift $(( OPTIND - 1 )) - # Show help - [ "$OPT_HELP_ONLY" ] && usage && exit 0 - [ -z "$1" ] && usage && exit 1 + # Set algs to show by default + [ -z "$DO_ALGS" ] && DO_ALGS="$ALGS" + + # Use STDIN as cert if no arguments are given + if [ -z "$*" ] || [ "$1" = "-" ] + then + no_args=1 + set -- "$(mktemp)" + cat > "$1" + fi # Generate fingerprint info for all certificates in question for crt in "$@" do - printf "%s: \n" "$crt" - for alg in md5 sha1 sha256 + # Skip this certificate if it does not exist + if [ ! 
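Review bot: In crt-fetch's main(), the s_client pipeline discards stderr and ends in sed, so a refused connection or a failed handshake produces empty output with exit status 0, and a caller piping this into crt-fp cannot tell a failed fetch from a certificate. The certificate that is printed is whatever the peer presented, since s_client continues past verification errors by default and nothing here checks the chain; a fingerprint derived from it only means something when compared with a value obtained out of band, which deserves a comment above the pipeline such as `# NOTE: certificate is printed unverified; compare its fingerprint with a trusted reference`. I would also pass `-servername "$1"` explicitly, because OpenSSL releases before 1.1.1 do not send SNI by default and a virtual-hosted server may then answer with its default certificate. The `*)` arm of the getopts loop reports an invalid option but does not exit, which looks unintended.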
-f "$crt" ] + then + printf "No such file or directory: %s\n" "$crt" >&2 + continue + fi + + # Skip the filename if only a single file is being checked + [ "$#" -gt 1 ] && printf "%s: \n" "$crt" + + # Show fingerprints for files + for alg in $DO_ALGS do - printf " %-8s %s\n" "$alg" "$(fingerprint "$alg" "$crt")" + [ "$#" -gt 1 ] && printf "%s" "\t" + printf "%-6s %s\n" "$alg" "$(fingerprint "$alg" "$crt")" done done } fingerprint() { - openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" \ - | awk -F= '{ print $NF }' -} - -opts() -{ - OPTS=0 - - while getopts ":h" opt - do - case "$opt" in - h) OPT_HELP_ONLY=1 ;; - *) - printf "Invalid option passed: %s\n" "$OPTARG" >&2 - ;; - esac - done - - unset opt + openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" | awk -F= '{ print $NF }' } usage() -- cgit v1.1
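Review bot: `printf "%s" "\t"` in crt-fp's per-algorithm loop prints a literal backslash and `t` rather than a tab, because `%s` does not interpret escapes in its argument; `[ "$#" -gt 1 ] && printf "\t"` gives the intended indent. In the STDIN branch, `set -- "$(mktemp)"` is not checked for failure and no removal of the temporary file is visible in this hunk (`no_args` suggests cleanup happens further down, outside what is shown); a `trap 'rm -f -- "$tmp"' EXIT` set right after creation, with `tmp` holding the mktemp result, would also cover an interrupted run. fingerprint() pipes openssl into awk, so an unreadable or empty certificate (for example, empty STDIN) still yields a line with an empty digest and status 0, and anything comparing fingerprints should treat an empty value as a failure. The start of main() is not visible here and usage() continues past the hunk.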